CVE-2023-53869
File Upload Vulnerability in WEBIGniter Enables Remote Code Execution
Publication date: 2025-12-15
Last updated on: 2025-12-15
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| webigniter | webigniter | 28.7.23 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-53869 is a file upload vulnerability in WEBIGniter version 28.7.23 that allows authenticated users to upload malicious PHP files through the media upload function. These uploaded PHP scripts can then be executed on the server, enabling remote code execution (RCE). This means that any user with an account can exploit this flaw to run arbitrary code on the application server, potentially compromising the system. [1, 2]
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized remote code execution on the server hosting the WEBIGniter application. Attackers can upload and execute malicious PHP scripts, which may lead to full system compromise, data theft, service disruption, or further attacks within the network. Because the attack requires only an authenticated user account, any user with access can exploit this vulnerability, making it highly dangerous. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to upload a PHP file through the media upload function using an authenticated account. For example, uploading a simple PHP payload such as `<?php phpinfo(); ?>` and then accessing the uploaded file to see if it executes can confirm the vulnerability. Commands to test this might include using curl or wget to upload the PHP file via HTTP POST to the media upload endpoint, followed by accessing the uploaded file URL to check for execution. Specific commands are not provided in the resources, but the exploit-db resource includes proof-of-concept exploits and reproduction instructions demonstrating this approach. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling the media file upload functionality for authenticated users until a patch is applied, validating and sanitizing uploaded files to prevent PHP or other executable files from being uploaded, and monitoring for any suspicious uploads or execution attempts. Additionally, applying any available patches or updates from the vendor as soon as they are released is critical. Since the vulnerability allows remote code execution via uploaded PHP files, preventing the upload or execution of such files is essential. [1, 2]
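One way to carry out the "monitoring for suspicious uploads" step without uploading anything: the script below is an added example, not code from the advisory or the vendor, that audits a media upload directory for files a PHP handler could execute. The directory path, the extension list and the function names are assumptions; WEBIGniter's actual upload location is not given on this page.

```python
import os
import sys

# Extensions a PHP-enabled web server may pass to the interpreter.
# Assumed list: align it with the handler mappings of your own server.
PHP_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".pht"}
# Full and short-echo open tags. A "<?=" hit inside binary data can be chance; review it.
PHP_TAGS = (b"<?php", b"<?=")

def classify(name, data):
    """Return the reasons an uploaded file looks executable (empty list = clean)."""
    reasons = []
    # Inspect every dot-separated part so "avatar.php.jpg" is caught as well.
    parts = ["." + p.lower() for p in name.split(".")[1:]]
    if any(p in PHP_EXTS for p in parts):
        reasons.append("php-extension")
    if any(tag in data for tag in PHP_TAGS):
        reasons.append("php-open-tag")
    return reasons

def audit_uploads(root, max_bytes=1 << 20):
    """Walk the upload directory and map relative path -> list of reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)  # scan only the first max_bytes
            except OSError:
                findings[rel] = ["unreadable"]
                continue
            reasons = classify(name, data)
            if reasons:
                findings[rel] = reasons
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."  # path to the media directory
    for rel, reasons in sorted(audit_uploads(root).items()):
        print(f"{rel}: {', '.join(reasons)}")
```

Any hit in a directory that should hold only media is worth investigating; the same `classify` logic can serve as a server-side rejection rule at upload time.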